EASM mistakes waiting to happen

JR0ch17
January 25, 2022

Transcript

  1. GET /common_mistakes HTTP/2

     • Lack of Change Management
     • Not respecting Least Privilege
     • Misconfigured WAFs
     • Cloud misconfigs (S3 buckets)

  2. GET /hacker_perspective HTTP/2

     Recon EVERYTHING:
     • Subdomains
     • IPs
     • TLS certificates
     • Third-party apps

     Continuous Monitoring:
     • Monitor for new assets
     • Monitor any change